summaryrefslogtreecommitdiffstats
path: root/usr.sbin/tcpdump (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* for packets with unknown payloads (outside the range of our knowledge) simplyderaadt2009-11-121-2/+4
| | | | | treat them the same as truncated packets ok sthen
* fix read-one-beyond-of-array errors; ok sthen jsgderaadt2009-11-123-6/+6
|
* Don't leak memory in error case.jsg2009-11-111-2/+4
| | | | Found by parfait.
* the new protocol moved insert and update.dlg2009-11-091-4/+6
|
* Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP),jsing2009-11-045-5/+2250
| | | | | | | | | | used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded. This work has been kindly sponsored by SystemNet AS (www.systemnet.no). "commit" deraadt@
* Sort port numbers and fix indentation.jsing2009-11-041-26/+26
|
* rtables are stacked on rdomains (it is possible to have multiple routingclaudio2009-11-031-6/+10
| | | | | | | | | | | | | | tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@
* a few leftovers from yesterday's SCCS/RCS-ID removal;schwarze2009-10-281-8/+1
| | | | | survived a full make build on i386; "sure" deraadt@
* rcsid[] and sccsid[] and copyright[] are essentially unmaintained (andderaadt2009-10-2765-388/+64
| | | | | | | unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
* Make the BGP OPEN capability parser RFC 5492 compliant. While there addclaudio2009-09-081-49/+87
| | | | | additional checks to make sure the known capabilities are correctly encoded and not truncated. Help and OK sthen@
* Teach the printer about capabilities, new cease codes, end-of-rib marker,sthen2009-09-071-54/+324
| | | | and handle 32-bit ASN. ok claudio@
* djm accidentally changed the type of dirfilt in the prototypesjsg2009-08-251-2/+2
| | | | | | | of pcap_live and priv_pcap_live in rev 1.6 to differ from the implementations, change the type back to what it was. ok djm@
* add missing " when printing an error string. ok henning@sthen2009-07-301-2/+3
|
* don't cast lvalue, no binary change.jsg2009-07-121-3/+3
|
* add a missing check for truncated dport in the returned UDP header forsthen2009-05-252-3/+5
| | | | ICMP_UNREACH_PORT. from Peter J. Philipp, ok jsing@. Closes system/6149.
* correcto in comment; from Amarendra Godbolejmc2009-04-171-2/+2
|
* teach tcpdump about match ruleshenning2009-04-061-2/+8
|
* do not include space in the end of the from for a hmac. after discussiondlg2009-03-311-12/+5
| | | | | | | | with deraadt@, mcbride@, and mpf@ it is obvious that a hmac doesnt make sense for pfsync. this also firms up some of the input parsing so it handles short frames a bit better.
* print alarm condition from leap indicator; ok henning@ otto@stevesk2009-03-041-2/+6
|
* better detect short frames. always print the version and length of thedlg2009-02-231-5/+9
| | | | | frame according to the pfsync header. dont try to parse an unsupported version of the protocol.
* Print spi in lowercase hex for consistency with print-enc.c and ipsecctl.mcbride2009-02-181-3/+3
| | | | ok hshoexer msf
* pfsync v5, mostly written at n2k9, but based on work done at n2k8.dlg2009-02-162-99/+212
| | | | | | | | | | | | | | | | | WARNING: THIS BREAKS COMPATIBILITY WITH THE PREVIOUS VERSION OF PFSYNC this is a new variant of the protocol and a large reworking of the pfsync code to address some performance issues. the single largest benefit comes from having multiple pfsync messages of different types handled in a single packet. pfsyncs handling of pf states is highly optimised now, along with packet parsing and construction. huggz for beck@ for testing. huge thanks to mcbride@ for his help during development and for finding all the bugs during the initial tests. thanks to peter sutton for letting me get credit for this work. ok beck@ mcbride@ "good." deraadt@
* document increased default snaplen; pointed out by dhillsthen2009-02-141-4/+4
|
* increase the default snaplen to 116, allows capture of pflog+ipv6+tcpsthen2009-02-142-13/+12
| | | | without knobs. ok djm, deraadt.
* In tcpdump some printf() had an additional \n at the end. Removingbluhm2009-01-292-8/+8
| | | | | | that new line restores the one-line -> one-packet semantics. ok hshoexer@, henning@, markus@
* Recognize MPLS packets over loopback interfaces.michele2008-12-291-2/+9
| | | | OK canacar@
* Instead of directly applying ntoh*() to fields of the capturedhshoexer2008-12-181-23/+26
| | | | | | | packet and thus modifying it use local varialbes instead. Otherwise, hexdumping packets shows corrupted data. ok markus@ some time ago
* add ethertype and tcpdump support for VLAN stacking (QinQ) withsthen2008-12-052-5/+12
| | | | | | type number 0x88a8 specified by 802.1ad. from reyk on misc@. "ok, go for it" dlg
* revert my last change -reyk2008-11-291-2/+2
| | | | | the xauth vendor id is a hash of "draft-ietf-ipsra-isakmp-xauth-06.txt" and defined in the document "draft-ietf-ipsec-isakmp-xauth-06.txt".
* fix typo in 'draft-ietf-ipsec-isakmp-xauth-06.txt'reyk2008-11-291-2/+2
| | | | ok hshoexer@
* fix format of AS number outputgollo2008-10-221-3/+3
| | | | ok henning@
* Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad.mpf2008-10-164-6/+280
| | | | | | Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
* Fix -X output of ppp packets. Inspired by PR4624 and especially the patchclaudio2008-10-101-5/+3
| | | | | provided by canacar@. I just modified it a bit to skip the data link proto number as well. OK deraadt@
* Merge printb() fix from ifconfig.c -r 1.157:mpf2008-09-191-3/+4
| | | | | Don't increment a pointer *before* testing it for NULL. OK canacar@
* More removal of clauses 3 and 4 from NetBSD licenses.ray2008-06-271-8/+1
| | | | OK deraadt@ and millert@
* use correct struct when checking DF or INET6, ok frantzen@ months agodavid2008-06-161-2/+2
| | | | forgotten in one of my trees
* Second half of PF state table rearrangement.mcbride2008-05-291-18/+30
| | | | | | | | | | | | | | | - Mechanical change: Use arrays for state key pointers in pf_state, and addr/port in pf_state_key, to allow the use of indexes. - Fix NAT, pfsync, pfctl, and tcpdump to handle the new state structures. In struct pfsync_state, both state keys are included even when identical. - Also fix some bugs discovered in the existing code during testing. (in particular, "block return" for TCP packets was not returning an RST) ok henning beck deraadt tested by otto dlg beck laurent Special thanks to users Manuel Pata and Emilio Perea who did enough testing to actually find some bugs.
* Don't just ntohl() the hours, but everything of the statempf2008-05-091-6/+7
| | | | creation time. OK mcbride@, henning@.
* add a short section on checksum offloading, based on a diffjmc2008-04-211-2/+8
| | | | | | from Alf Schlichting; help/ok henning
* add filtering on direction; ok mpf@ deraadt@ feedback jmc@djm2008-04-185-19/+44
|
* msg_controllen has to be CMSG_SPACE so that the kernel can account forderaadt2008-03-241-3/+3
| | | | | | | each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
* Repair the simple cases for msg_controllen where it should just bederaadt2008-03-151-3/+3
| | | | | CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
* Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toderaadt2008-03-131-7/+13
| | | | an extensive discussion with otto, kettenis, millert, and hshoexer
* add basic snmpv2 support (snmpv2, trapv2, getbulk)reyk2008-01-172-17/+144
| | | | ok canacar@
* typos; ok jmc@martynas2007-11-271-2/+2
| | | | sys/dev/pci/pciide.c from naddy@
* typos; ok jmc@martynas2007-11-261-2/+2
| | | | | sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@ sys/dev/pci/bktr/* ok jakemsr@
* fix printing of enterprise-specific SNMP traps.reyk2007-10-301-3/+3
| | | | ok claudio@ mglocker@
* Fix alignment issues on sparc64. Fixes pr 5608.moritz2007-10-261-5/+6
| | | | ok canacar@
* trash $Header goo which is just annoying; 5595deraadt2007-10-0779-154/+154
|
* Handle CARP for IPv6. Reported and tested by todd@canacar2007-10-041-1/+11
| | | | ok todd@, henning@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.